On Linux MAINTAINERS file removal of Russian developers
39 comments
·October 26, 2024chikere232
mdp2021
Also in other articles, it was not clear why those individuals were targeted, and it seemed it could be just because of the passport.
(It seems, from other sources, that it is because of their employer.)
ajdlinux
"I was under the naive assumption that it's individual developers who work together, and their employers do not really matter."
This assumption is not just naive but completely oblivious under normal circumstances, let alone in a discussion about sanctions regime compliance and risk management.
sligor
People should stop to use the term "Russian developers", this attracts a lot of people complaining about Russophobia (either innocently or not...)
They were removed NOT because of being Russian but because of their link to Russian state owned company (also, either legitimately or by mistake...)
gb12ayg
I find it sad that there are so many reductive comments here. The author of this article is very nuanced:
Should U.S. developers have been sanctioned over the Iraq war that was launched under false pretenses (non-existent WMD)?
Should company sanctions apply to individuals who happen to work for such a company?
Should the matter have been handled more gracefully than a stealthy removal from the MAINTAINERS file?
Has the culture of the Linux Kernel changed?
The culture has certainly changed, almost all big OSS projects have been captured and are essentially governed by corporations.
Perhaps Torvalds has been legally pressured, but 20 years ago he would have put up a fight at least. Back then everyone was proud that OSS could be used by anyone for anything. Now he attacks critics with the Russian troll meme. This is the worst of Torvalds I have seen so far.
So far, he does not seem to have any issues with exporting the Linux Kernel to Russia, which should also be prohibited by sanctions.
perihelions
- "exporting the Linux Kernel to Russia, which should also be prohibited by sanctions."
There's no export controls of non-commercial, non-ITAR software; such a thing would quickly run into a First Amendment wall. As PGP's Phil Zimmerman observed thirty years ago, you can always just print out your source code on paper and bind it as a book. Can the US government outlaw a book? Of course not.
- "In 1995, Zimmermann published the book PGP Source Code and Internals as a way to bypass limitations on exporting digital code. Zimmermann's introduction says the book contains "all of the C source code to a software package called PGP" and that the unusual publication in book form of the complete source code for a computer program was a direct response to the U.S. government's criminal investigation of Zimmermann for violations of U.S. export restrictions as a result of the international spread of PGP's use.[7]"
https://en.wikipedia.org/wiki/Phil_Zimmermann#Arms_Export_Co...
mdp2021
> Now he attacks critics with the Russian troll meme
You should really provide more grounds for stating that.
google_boy
One second to find using Google:
https://www.theregister.com/2024/10/23/linus_torvalds_affirm...
Quote in the middle of the article.
throwaway13337
It's people that work for Russian state owned companies - not just Russians in general.
A lot of the discourse wants to muddy the water to make it sound like it is against all those of Russian background - it is not.
Russian people are not the Russian state. Blurring the lines only polarizes which, I imagine, is often the intent.
This article's framing is disingenuous.
ivan_gammel
Aside from numerous ethical issues with this story, it doesn’t make a lot of practical sense. They are not major threat to avoid, even taking into account xz precedent - I don’t think it’s easy or even feasible to plant any backdoors to Linux kernel this way. This will not make any impact on Russian government or military operations or impair their OS development effort (Astra Linux will be just fine). It sounds pretty much like some legalese ass-covering met the unhinged personality of Torvalds with the scandal as the only outcome.
jpfr
Yes, this can be circumvented. But the optics are important.
Imagine a backdoor planted by a Russian asset. Linux could get removed from some list of approved OS that can be used in a government context.
ivan_gammel
> Imagine a backdoor planted by a Russian asset.
Email-based filtering of maintainers is not even close to what could be considered adequate security measures. In fact, when CISO or OSS starts caring about the optics, it’s a red flag.
JSDevOps
What I don’t understand is there must be tonnes more Russian maintainers and contributors to this? What’s the score there?
perihelions
That's because the sanctioned entities are individual Russian companies on the OFAC list, not Russian citizens generally. All of the initial media reporting (speculation, really) turned out to be wrong (because of deliberate non-transparency on the part of Torvalds, in his public statements).
https://lwn.net/ml/all/7ee74c1b5b589619a13c6318c9fbd0d6ac7c3...
- "We finally got clearance to publish the actual advice: If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file."
axpvms
My heart bleeds for the poor Russian military contractors
chx
Apparently people working on open source are just looking for an excuse to pontificate. Same as with Bitwarden, simply raising the issue and then waiting a little for an answer is enough.
https://lore.kernel.org/lkml/e7d548a7fc835f9f3c9cb2e5ed97dfd...
> If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file.
That's all.
Both could've been handled better but there's no need to write ten thousand open source philosophy comments on the issue itself, bad articles and HN comments.
mdp2021
> simpler [...] That's all
Actually it is not, because the confusion shifts to OFAC and the question becomes "why should people employed by companies under those identified by etc. be barred from contributing to the Linux Kernel".
jaggs
Please don't feed the trolls!
pyeri
[flagged]
chikere232
>> complies with legal requirements relating to sanctions against a country conducting a war of conquest in europe
> "xenophobia"
ok.
AndyMcConachie
It's not just perception. Linus assertively decided to wrap this in his own Finnish identity and history. I don't think the developers removed from the MAINTAINERS file were personally involved in Stalin's invasion of Finland.
At this point I kinda have to assume posts like these are just concern trolling and aren't really worth taking seriously
If it's genuinely naive, this is a great time to wake up to the fact that russia is conducting a war of conquest against a european country, and this is why they, and a bunch of companies associated with that, are being sanctioned. Why would any reasonable project try to circumvent such sanctions?